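/*
 * Scratch solver for a 64-bit, table-driven CRC check.
 *
 * The checked value lives in the register pair EDX:EAX.  check_crc() runs the
 * byte-at-a-time update forwards; main() starts from the expected final value
 * (CMP_EDX:CMP_EAX) and undoes one step per message byte, from the last byte
 * to the first.
 *
 * Both header names were stripped from the published listing.  <stdio.h> is
 * required for printf/getchar and <stdbool.h> for bool/true/false; any other
 * header the author used cannot be recovered from the page.
 */
#include <stdbool.h>
#include <stdio.h>

/* The register arithmetic below assumes a 32-bit unsigned int. */
typedef char unsigned_int_must_be_32_bits[(sizeof(unsigned int) == 4) ? 1 : -1];

/*
 * 256-byte message template, 16 bytes per row.  The trailing comment shows
 * each row as ASCII ('.' = non-printable).  0x01 bytes sit at offsets 0x00,
 * 0x10, 0x30, 0x40, 0x50, 0x60 and 0x70; main() stops on them and lists
 * candidate characters, so they appear to be placeholders for characters that
 * are still unknown.  Offsets 0x20..0x27 hold non-text values.
 */
unsigned char input[] = {
    /* 0x00 */ 0x01, 0x20, 0x20, 0x20, 0x20, 0x20, 0x47, 0x46, 0x28, 0x32, 0x5E, 0x36, 0x34, 0x29, 0x5B, 0x58, // ".     GF(2^64)[X"
    /* 0x10 */ 0x01, 0x2F, 0x28, 0x78, 0x5E, 0x36, 0x34, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x36, 0x32, 0x20, 0x2B, // "./(x^64 + x^62 +"
    /* 0x20 */ 0x39, 0x46, 0xF7, 0x28, 0xA3, 0x16, 0xBB, 0x66, 0x78, 0x5E, 0x35, 0x35, 0x20, 0x2B, 0x20, 0x78, // "9F.(...fx^55 + x"
    /* 0x30 */ 0x01, 0x35, 0x34, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x35, 0x33, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x35, // ".54 + x^53 + x^5"
    /* 0x40 */ 0x01, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x34, 0x37, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x34, 0x36, 0x20, // ". + x^47 + x^46 "
    /* 0x50 */ 0x01, 0x20, 0x78, 0x5E, 0x34, 0x35, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x34, 0x30, 0x20, 0x2B, 0x20, // ". x^45 + x^40 + "
    /* 0x60 */ 0x01, 0x5E, 0x33, 0x39, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x33, 0x38, 0x20, 0x2B, 0x20, 0x78, 0x5E, // ".^39 + x^38 + x^"
    /* 0x70 */ 0x01, 0x37, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x33, 0x35, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x33, 0x33, // ".7 + x^35 + x^33"
    /* 0x80 */ 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x33, 0x32, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x33, 0x31, 0x20, 0x2B, // " + x^32 + x^31 +"
    /* 0x90 */ 0x20, 0x78, 0x5E, 0x32, 0x39, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x32, 0x37, 0x20, 0x2B, 0x20, 0x78, // " x^29 + x^27 + x"
    /* 0xA0 */ 0x5E, 0x32, 0x34, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x32, 0x33, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x32, // "^24 + x^23 + x^2"
    /* 0xB0 */ 0x32, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x32, 0x31, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x31, 0x39, 0x20, // "2 + x^21 + x^19 "
    /* 0xC0 */ 0x2B, 0x20, 0x78, 0x5E, 0x31, 0x37, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x31, 0x33, 0x20, 0x2B, 0x20, // "+ x^17 + x^13 + "
    /* 0xD0 */ 0x78, 0x5E, 0x31, 0x32, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x31, 0x30, 0x20, 0x2B, 0x20, 0x78, 0x5E, // "x^12 + x^10 + x^"
    /* 0xE0 */ 0x39, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x37, 0x20, 0x2B, 0x20, 0x78, 0x5E, 0x34, 0x20, 0x2B, 0x20, // "9 + x^7 + x^4 + "
    /* 0xF0 */ 0x78, 0x5E, 0x31, 0x20, 0x2B, 0x20, 0x31, 0x29, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x00  // "x^1 + 1)       ."
};

/*
 * Lookup table: 256 entries of 64 bits, each stored as two 32-bit words.
 * arr[2*k] is XORed into EAX (low half) and arr[2*k + 1] into EDX (high half).
 */
unsigned int arr[] = {
    0x00000000, 0x00000000, 0x03A75F6F, 0xB32E4CBE, 0xA840A05B, 0xF4843657, 0xABE7FF34, 0x47AA7AE9,
    0xFF8F5E33, 0x7BD0C384, 0xFC28015C, 0xC8FE8F3A, 0x57CFFE68, 0x8F54F5D3, 0x5468A107, 0x3C7AB96D,
    0xFF1EBC66, 0xF7A18709, 0xFCB9E309, 0x448FCBB7, 0x575E1C3D, 0x0325B15E, 0x54F94352, 0xB00BFDE0,
    0x0091E255, 0x8C71448D, 0x0336BD3A, 0x3F5F0833, 0xA8D1420E, 0x78F572DA, 0xAB761D61, 0xCBDB3E64,
    0x51336649, 0x7D9BA138, 0x52943926, 0xCEB5ED86, 0xF973C612, 0x891F976F, 0xFAD4997D, 0x3A31DBD1,
    0xAEBC387A, 0x064B62BC, 0xAD1B6715, 0xB5652E02, 0x06FC9821, 0xF2CF54EB, 0x055BC74E, 0x41E11855,
    0xAE2DDA2F, 0x8A3A2631, 0xAD8A8540, 0x39146A8F, 0x066D7A74, 0x7EBE1066, 0x05CA251B, 0xCD905CD8,
    0x51A2841C, 0xF1EAE5B5, 0x5205DB73, 0x42C4A90B, 0xF9E22447, 0x056ED3E2, 0xFA457B28, 0xB6409F5C,
    0xA266CC92, 0xFB374270, 0xA1C193FD, 0x48190ECE, 0x0A266CC9, 0x0FB37427, 0x098133A6, 0xBC9D3899,
    0x5DE992A1, 0x80E781F4, 0x5E4ECDCE, 0x33C9CD4A, 0xF5A932FA, 0x7463B7A3, 0xF60E6D95, 0xC74DFB1D,
    0x5D7870F4, 0x0C96C579, 0x5EDF2F9B, 0xBFB889C7, 0xF538D0AF, 0xF812F32E, 0xF69F8FC0, 0x4B3CBF90,
    0xA2F72EC7, 0x774606FD, 0xA15071A8, 0xC4684A43, 0x0AB78E9C, 0x83C230AA, 0x0910D1F3, 0x30EC7C14,
    0xF355AADB, 0x86ACE348, 0xF0F2F5B4, 0x3582AFF6, 0x5B150A80, 0x7228D51F, 0x58B255EF, 0xC10699A1,
    0x0CDAF4E8, 0xFD7C20CC, 0x0F7DAB87, 0x4E526C72, 0xA49A54B3, 0x09F8169B, 0xA73D0BDC, 0xBAD65A25,
    0x0C4B16BD, 0x710D6441, 0x0FEC49D2, 0xC22328FF, 0xA40BB6E6, 0x85895216, 0xA7ACE989, 0x36A71EA8,
    0xF3C4488E, 0x0ADDA7C5, 0xF06317E1, 0xB9F3EB7B, 0x5B84E8D5, 0xFE599192, 0x5823B7BA, 0x4D77DD2C,
    0xEBC387A1, 0x64B62BCA, 0xE864D8CE, 0xD7986774, 0x438327FA, 0x90321D9D, 0x40247895, 0x231C5123,
    0x144CD992, 0x1F66E84E, 0x17EB86FD, 0xAC48A4F0, 0xBC0C79C9, 0xEBE2DE19, 0xBFAB26A6, 0x58CC92A7,
    0x14DD3BC7, 0x9317ACC3, 0x177A64A8, 0x2039E07D, 0xBC9D9B9C, 0x67939A94, 0xBF3AC4F3, 0xD4BDD62A,
    0xEB5265F4, 0xE8C76F47, 0xE8F53A9B, 0x5BE923F9, 0x4312C5AF, 0x1C435910, 0x40B59AC0, 0xAF6D15AE,
    0xBAF0E1E8, 0x192D8AF2, 0xB957BE87, 0xAA03C64C, 0x12B041B3, 0xEDA9BCA5, 0x11171EDC, 0x5E87F01B,
    0x457FBFDB, 0x62FD4976, 0x46D8E0B4, 0xD1D305C8, 0xED3F1F80, 0x96797F21, 0xEE9840EF, 0x2557339F,
    0x45EE5D8E, 0xEE8C0DFB, 0x464902E1, 0x5DA24145, 0xEDAEFDD5, 0x1A083BAC, 0xEE09A2BA, 0xA9267712,
    0xBA6103BD, 0x955CCE7F, 0xB9C65CD2, 0x267282C1, 0x1221A3E6, 0x61D8F828, 0x1186FC89, 0xD2F6B496,
    0x49A54B33, 0x9F8169BA, 0x4A02145C, 0x2CAF2504, 0xE1E5EB68, 0x6B055FED, 0xE242B407, 0xD82B1353,
    0xB62A1500, 0xE451AA3E, 0xB58D4A6F, 0x577FE680, 0x1E6AB55B, 0x10D59C69, 0x1DCDEA34, 0xA3FBD0D7,
    0xB6BBF755, 0x6820EEB3, 0xB51CA83A, 0xDB0EA20D, 0x1EFB570E, 0x9CA4D8E4, 0x1D5C0861, 0x2F8A945A,
    0x4934A966, 0x13F02D37, 0x4A93F609, 0xA0DE6189, 0xE174093D, 0xE7741B60, 0xE2D35652, 0x545A57DE,
    0x18962D7A, 0xE21AC882, 0x1B317215, 0x5134843C, 0xB0D68D21, 0x169EFED5, 0xB371D24E, 0xA5B0B26B,
    0xE7197349, 0x99CA0B06, 0xE4BE2C26, 0x2AE447B8, 0x4F59D312, 0x6D4E3D51, 0x4CFE8C7D, 0xDE6071EF,
    0xE788911C, 0x15BB4F8B, 0xE42FCE73, 0xA6950335, 0x4FC83147, 0xE13F79DC, 0x4C6F6E28, 0x52113562,
    0x1807CF2F, 0x6E6B8C0F, 0x1BA09040, 0xDD45C0B1, 0xB0476F74, 0x9AEFBA58, 0xB3E0301B, 0x29C1F6E6,
    0xD7870F42, 0xC96C5795, 0xD420502D, 0x7A421B2B, 0x7FC7AF19, 0x3DE861C2, 0x7C60F076, 0x8EC62D7C,
    0x28085171, 0xB2BC9411, 0x2BAF0E1E, 0x0192D8AF, 0x8048F12A, 0x4638A246, 0x83EFAE45, 0xF516EEF8,
    0x2899B324, 0x3ECDD09C, 0x2B3EEC4B, 0x8DE39C22, 0x80D9137F, 0xCA49E6CB, 0x837E4C10, 0x7967AA75,
    0xD716ED17, 0x451D1318, 0xD4B1B278, 0xF6335FA6, 0x7F564D4C, 0xB199254F, 0x7CF11223, 0x02B769F1,
    0x86B4690B, 0xB4F7F6AD, 0x85133664, 0x07D9BA13, 0x2EF4C950, 0x4073C0FA, 0x2D53963F, 0xF35D8C44,
    0x793B3738, 0xCF273529, 0x7A9C6857, 0x7C097997, 0xD17B9763, 0x3BA3037E, 0xD2DCC80C, 0x888D4FC0,
    0x79AAD56D, 0x435671A4, 0x7A0D8A02, 0xF0783D1A, 0xD1EA7536, 0xB7D247F3, 0xD24D2A59, 0x04FC0B4D,
    0x86258B5E, 0x3886B220, 0x8582D431, 0x8BA8FE9E, 0x2E652B05, 0xCC028477, 0x2DC2746A, 0x7F2CC8C9,
    0x75E1C3D0, 0x325B15E5, 0x76469CBF, 0x8175595B, 0xDDA1638B, 0xC6DF23B2, 0xDE063CE4, 0x75F16F0C,
    0x8A6E9DE3, 0x498BD661, 0x89C9C28C, 0xFAA59ADF, 0x222E3DB8, 0xBD0FE036, 0x218962D7, 0x0E21AC88,
    0x8AFF7FB6, 0xC5FA92EC, 0x895820D9, 0x76D4DE52, 0x22BFDFED, 0x317EA4BB, 0x21188082, 0x8250E805,
    0x75702185, 0xBE2A5168, 0x76D77EEA, 0x0D041DD6, 0xDD3081DE, 0x4AAE673F, 0xDE97DEB1, 0xF9802B81,
    0x24D2A599, 0x4FC0B4DD, 0x2775FAF6, 0xFCEEF863, 0x8C9205C2, 0xBB44828A, 0x8F355AAD, 0x086ACE34,
    0xDB5DFBAA, 0x34107759, 0xD8FAA4C5, 0x873E3BE7, 0x731D5BF1, 0xC094410E, 0x70BA049E, 0x73BA0DB0,
    0xDBCC19FF, 0xB86133D4, 0xD86B4690, 0x0B4F7F6A, 0x738CB9A4, 0x4CE50583, 0x702BE6CB, 0xFFCB493D,
    0x244347CC, 0xC3B1F050, 0x27E418A3, 0x709FBCEE, 0x8C03E797, 0x3735C607, 0x8FA4B8F8, 0x841B8AB9,
    0x3C4488E3, 0xADDA7C5F, 0x3FE3D78C, 0x1EF430E1, 0x940428B8, 0x595E4A08, 0x97A377D7, 0xEA7006B6,
    0xC3CBD6D0, 0xD60ABFDB, 0xC06C89BF, 0x6524F365, 0x6B8B768B, 0x228E898C, 0x682C29E4, 0x91A0C532,
    0xC35A3485, 0x5A7BFB56, 0xC0FD6BEA, 0xE955B7E8, 0x6B1A94DE, 0xAEFFCD01, 0x68BDCBB1, 0x1DD181BF,
    0x3CD56AB6, 0x21AB38D2, 0x3F7235D9, 0x9285746C, 0x9495CAED, 0xD52F0E85, 0x97329582, 0x6601423B,
    0x6D77EEAA, 0xD041DD67, 0x6ED0B1C5, 0x636F91D9, 0xC5374EF1, 0x24C5EB30, 0xC690119E, 0x97EBA78E,
    0x92F8B099, 0xAB911EE3, 0x915FEFF6, 0x18BF525D, 0x3AB810C2, 0x5F1528B4, 0x391F4FAD, 0xEC3B640A,
    0x926952CC, 0x27E05A6E, 0x91CE0DA3, 0x94CE16D0, 0x3A29F297, 0xD3646C39, 0x398EADF8, 0x604A2087,
    0x6DE60CFF, 0x5C3099EA, 0x6E415390, 0xEF1ED554, 0xC5A6ACA4, 0xA8B4AFBD, 0xC601F3CB, 0x1B9AE303,
    0x9E224471, 0x56ED3E2F, 0x9D851B1E, 0xE5C37291, 0x3662E42A, 0xA2690878, 0x35C5BB45, 0x114744C6,
    0x61AD1A42, 0x2D3DFDAB, 0x620A452D, 0x9E13B115, 0xC9EDBA19, 0xD9B9CBFC, 0xCA4AE576, 0x6A978742,
    0x613CF817, 0xA14CB926, 0x629BA778, 0x1262F598, 0xC97C584C, 0x55C88F71, 0xCADB0723, 0xE6E6C3CF,
    0x9EB3A624, 0xDA9C7AA2, 0x9D14F94B, 0x69B2361C, 0x36F3067F, 0x2E184CF5, 0x35545910, 0x9D36004B,
    0xCF112238, 0x2B769F17, 0xCCB67D57, 0x9858D3A9, 0x67518263, 0xDFF2A940, 0x64F6DD0C, 0x6CDCE5FE,
    0x309E7C0B, 0x50A65C93, 0x33392364, 0xE388102D, 0x98DEDC50, 0xA4226AC4, 0x9B79833F, 0x170C267A,
    0x300F9E5E, 0xDCD7181E, 0x33A8C131, 0x6FF954A0, 0x984F3E05, 0x28532E49, 0x9BE8616A, 0x9B7D62F7,
    0xCF80C06D, 0xA707DB9A, 0xCC279F02, 0x14299724, 0x67C06036, 0x5383EDCD, 0x64673F59, 0xE0ADA173
}; // len == 512

/* Expected final register values: EAX = 0x72706163, EDX = 0x69636369. */
const unsigned int CMP_EAX = 0x72706163;
const unsigned int CMP_EDX = 0x69636369;

/* head_* are declared by the author but not used anywhere in this listing. */
unsigned int head_eax, head_edx;
/* Running state for the backward walk in main(). */
unsigned int tail_eax, tail_edx;

/* ASCII letters and digits only: the character set the author searches. */
static bool is_alnum_ascii(int c)
{
    return (c >= 'a' && c <= 'z') ||
           (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9');
}

/*
 * Run the forward update over input[index..255] starting from the state
 * _edx:_eax and report whether it ends on CMP_EDX:CMP_EAX.
 *
 * Each step picks table entry (byte ^ low byte of EAX), shifts the 64-bit
 * state right by 8 bits and XORs the entry in.  The shift was an inline
 * `shrd eax, edx, 8` in the original; it is written in C here so the file no
 * longer depends on MSVC x86 inline assembly.
 *
 * A negative index returns false instead of reading before the array.
 * With index >= 256 no step runs and the start state itself is compared.
 */
bool check_crc(unsigned int _eax, unsigned int _edx, int index)
{
    if (index < 0) {
        return false;
    }

    for (int i = index; i < 256; i++) {
        unsigned int slot = (input[i] ^ _eax) & 0xffu;

        /* shrd eax, edx, 8: the low byte of EDX moves into the top of EAX. */
        _eax = ((_eax >> 8) | (_edx << 24)) ^ arr[slot * 2];
        _edx = (_edx >> 8) ^ arr[slot * 2 + 1];
    }

    return _eax == CMP_EAX && _edx == CMP_EDX;
}

/*
 * Print every AL value (0x00..0xFF) for which index ^ AL is an ASCII letter
 * or digit, together with that character.
 *
 * The original loop stopped at 0xFE and never tried AL = 0xFF.
 */
void check_AL(int index)
{
    printf("index = 0x%02X\n", index);

    for (int al = 0; al <= 0xff; al++) {
        int ch = index ^ al;

        if (is_alnum_ascii(ch)) {
            printf("al=0x%02X, input = %c(0x%02X)\n", al, ch, ch);
        }
    }
}

/*
 * For each ASCII letter or digit placed at input[index], try every value of
 * the top byte of edx and print the combinations for which check_crc()
 * succeeds when started at index - 7.
 *
 * eax, edx: candidate state; the low 24 bits of edx are kept, the top byte is
 *           searched.
 * index:    position in input[] to fill; must be in 7..255.
 * Returns 0 after the search, or -1 if index is out of range.
 *
 * Changes from the original: the arguments are used (they were overwritten
 * with hard-coded values on entry; main() now passes those values), and the
 * top-byte search covers all 256 values (0xFF was skipped).
 *
 * Side effect kept from the original: input[index] is left holding the last
 * candidate tried, so later code no longer sees the byte that was there.
 * NOTE(review): the start offset index - 7 is the author's choice; the listing
 * does not explain it.
 */
int find_input(unsigned int eax, unsigned int edx, int index)
{
    if (index < 7 || index > 255) {
        return -1;
    }

    unsigned int tmp_edx = edx & 0x00ffffff;

    for (int j = 0; j < 0x100; j++) {
        if (!is_alnum_ascii(j)) {
            continue;
        }

        input[index] = (unsigned char)j;

        for (unsigned int top = 0; top <= 0xff; top++) {
            unsigned int cand_edx = tmp_edx ^ (top << 24);

            if (check_crc(eax, cand_edx, index - 7)) {
                printf("있긴있냐?\n"); /* roughly: "is there even one?" */
                printf("0x%08X, 0x%08X, %c\n", eax, cand_edx, j);
                break;
            }
        }
    }

    return 0;
}

/*
 * Walk the message backwards, undoing one update step per byte.
 *
 * Author's plan (translated):
 *   1. Use edx to find the table index.
 *   2. With the index known, XOR edx and eax with the table words for it.
 *   3. Shift edx left by two hex digits, taking the top two digits from eax.
 *      (The author writes that this completes "head eax"; presumably head
 *      edx is meant.)
 *   4. The low two digits of eax: index = (character read) XOR (previous AL),
 *      so AL = character XOR index.  Adding that completes head eax.
 *   5. Treat head eax / head edx as the new tail and repeat.
 *
 * Every step of such a table-driven update can be undone once the message
 * byte is known, so the final value behaves as an error-detection code and
 * not as a secret or a tamper check.
 */
int main(void)
{
    int index = 0;

    tail_eax = CMP_EAX;
    tail_edx = CMP_EDX;

    /* Author's note (translated): "need to find edx. odd and even.." */
    /* Values the author had hard-coded inside find_input(); 112 is the input index. */
    find_input(0xF491315C, 0xE5898627, 112);

    for (int j = 255; j >= 0; j--) {
        unsigned int ch = input[j];
        unsigned int want_top = tail_edx & 0xff000000;

        /*
         * The forward step leaves EDX = (EDX >> 8) ^ high word of the entry,
         * so the top byte of EDX comes from the table entry alone.  The first
         * entry whose high word has that top byte is taken.
         * NOTE(review): assumes the top bytes are distinct across entries.
         */
        index = -1;
        for (int i = 0; i < 512; i += 2) {
            if ((arr[i + 1] & 0xff000000) == want_top) {
                index = i / 2; /* words i and i + 1 belong to this entry */
                tail_eax ^= arr[index * 2];
                tail_edx ^= arr[index * 2 + 1];
                break;
            }
        }

        if (index == -1) {
            printf("arr index 검색 실패 ..\n"); /* "arr index search failed" */
            return 0;
        }

        /*
         * Undo the 8-bit right shift (shld edx, eax, 8 / shl eax, 8 in the
         * original, whose push/pop pair also restored EAX and EDX in swapped
         * order).
         */
        tail_edx = (tail_edx << 8) | (tail_eax >> 24);
        tail_eax <<= 8;

        /* index = byte ^ AL in the forward step, so AL = byte ^ index. */
        unsigned int AL = ch ^ (unsigned int)index;
        tail_eax ^= AL;

        if (ch == 0x01) {
            /* Placeholder byte: pause and list candidate characters. */
            printf("여기서 그거문자열ㄷ잇어야하는뎁?\n"); /* roughly: "the string should be here?" */
            getchar();
            check_AL(index);
            getchar();
        }

        if (check_crc(tail_eax, tail_edx, j)) {
            printf("[string index = %d, %02X] EAX = 0x%08X\tEDX = 0x%08X\n",
                   j, input[j], tail_eax, tail_edx);
        } else {
            printf("Crc check 실패 \n"); /* "CRC check failed" */
            break;
        }
    }

    return 0;
}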
이거 reversing.kr에 crc 문제로 있는 앤데, CodeEngn에서 가져왔다더니 advance 17번이었다 ㅋㅋ 시바.. 똑같은 데서 막힌다
또똑같은데서막히시는군요..
ㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋ그렇게됬네요 ㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋㅋ